Back to search
CVE-2021-3688
Published: Aug 26, 2022
Modified: Aug 3, 2024
PUBLISHED
Description
A flaw was found in Red Hat JBoss Core Services HTTP Server in all versions, where it does not properly normalize the path component of a request URL contains dot-dot-semicolon(s). This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.
| Vendor | Product | Versions |
|---|---|---|
n/a | Red Hat JBCS HTTP Server | affected Fixed in jbcs-httpd-2.4.37.SP10 GA |
Weaknesses (CWE)
References
https://bugzilla.redhat.com/show_bug.cgi?id=1990252
x_refsource_MISC
https://access.redhat.com/security/cve/CVE-2021-3688
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now